diff options
| author | Jan Glauber <jang@linux.vnet.ibm.com> | 2011-04-20 04:15:31 -0400 |
|---|---|---|
| committer | Martin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com> | 2011-04-20 04:15:43 -0400 |
| commit | c708c57e247775928b9a6bce7b4d8d14883bf39b (patch) | |
| tree | fe47b86f80b931b3cb072a5c687d309cde1e9c7c /arch/s390/crypto | |
| parent | 65f8da475995f667af5298c644707dbd9d646ca6 (diff) | |
[S390] prng: prevent access beyond end of stack
While initializing the state of the prng only the first 8 bytes of
random data where used, the second 8 bytes were read from the memory
after the stack. If only 64 bytes of the kernel stack are used and
CONFIG_DEBUG_PAGEALLOC is enabled a kernel panic may occur because of
the invalid page access. Use the correct multiplicator to stay within
the random data buffer.
Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390/crypto')
| -rw-r--r-- | arch/s390/crypto/prng.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/s390/crypto/prng.c b/arch/s390/crypto/prng.c index 975e3ab13cb5..44bca3f994b0 100644 --- a/arch/s390/crypto/prng.c +++ b/arch/s390/crypto/prng.c | |||
| @@ -76,7 +76,7 @@ static void prng_seed(int nbytes) | |||
| 76 | 76 | ||
| 77 | /* Add the entropy */ | 77 | /* Add the entropy */ |
| 78 | while (nbytes >= 8) { | 78 | while (nbytes >= 8) { |
| 79 | *((__u64 *)parm_block) ^= *((__u64 *)buf+i*8); | 79 | *((__u64 *)parm_block) ^= *((__u64 *)buf+i); |
| 80 | prng_add_entropy(); | 80 | prng_add_entropy(); |
| 81 | i += 8; | 81 | i += 8; |
| 82 | nbytes -= 8; | 82 | nbytes -= 8; |